For cPanel & WHM 54

New features

Team: Code Monkeys

New scripts

Team: Cobra

External authentication

In cPanel & WHM version 54, we added External Authentication, which allows system administrators to grant WHM, cPanel, and Webmail users the ability to use external methods of server authentication.

System administrators can select and configure the providers in WHM's Manage External Authentications interface (Home >> Security Center >> Manage External Authentications). System administrators can also use this interface to revoke the credentials of users.

cPanel and Webmail users can link their accounts to accounts at the external provider through the External Authentication section of cPanel's Password & Security interface (Home >> Password & Security) or from the service's login interface.

If the user is currently authenticated to an external provider that they've linked to their account, they can click on the provider's button on the login interface to automatically log in.

Currently, the service allows WHM, Webmail, and cPanel users the ability to authenticate with their cPanelID credentials, which they can register and manage at cPanel's Manage2 portal, cPanel Store, or our Ticket system.

Your server will automatically configure cPanelID and populate that provider with the necessary Client ID and Client Secret from the license server when you perform a cPanel Update (upcp).

We include several additional sample authentication provider modules as examples for developers.

You can also add your own authentication provider to the list. For information about how to add your authentication provider, read our Guide to External Authentication in the SDK.

Warning:

If your server uses a firewall, you must allow traffic over ports 2083, 2087, and 2096 for External Authentication to function.

You cannot currently link an external account to multiple cPanel accounts, WHM accounts, or Webmail accounts. However, you can link an external account to a cPanel account, a WHM account, and a Webmail account. Also, you can link multiple external accounts to the same cPanel, WHM, or Webmail account. We expect to expand this functionality in a future release.

Notes:

The system will automatically disable missing or misconfigured provider modules.

Most providers allow you to register for an account as part of the authentication process.

If you change your server's hostname, you must update the Redirection URI settings in the configuration settings at the external authentication provider's site to reflect the new hostname.

Only system accounts use the system's Two-Factor Authentication. Users who log in to cPanel, WHM, and Webmail through External Authentication will use whichever methods that the external authentication service includes.

The Call method for API privilege escalation

In cPanel & WHM version 54, we introduced the Call method for API privilege escalation, which allows you to run specific functions in your code as the root user. This new method is much easier to use than the send_cpwrapd_request method, and we strongly recommend that you use it for Perl modules.

Note:

We strongly recommend that you set the mode in your application's configuration file to full, unless your application requires simple mode.

PHP-FPM

In cPanel & WHM version 54, we added the PHP-FPM implementation to the cpservd daemon's configuration. This will improve performance of PHP-based internal applications that ship with cPanel, such as:

phpMyAdmin

phpPgAdmin

Roundcube

Horde

SquirrelMail

And any third-party PHP application installed for the user.

This service logs errors and unusually slow script performance in the following locations:

/usr/local/cpanel/logs/php-fpm/error.log — The main error log file for the PHP-FPM implementation.

/var/cpanel/php-fpm/$user/logs/slow.log — The log file for scripts that run unusually slow for a user, where $user represents the cPanel account name.

/var/cpanel/php-fpm/$user/logs/error.log — The error log file for a user, where $user represents the cPanel account name.
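The per-user slow logs listed above can be triaged across all accounts at once. The following script is an added example, not code from cPanel: it assumes the standard PHP-FPM slow-log entry layout (one "script_filename = PATH" line per slow request), and the account names, pool names, and script paths in the sample data are constructed.

```shell
#!/bin/sh
# Added example (not cPanel code): rank slow scripts per account from the
# per-user slow logs named in the release notes.

# slow_report [ROOT] -> prints "count user script" lines, most frequent first.
slow_report() {
    root=${1:-/var/cpanel/php-fpm}
    for log in "$root"/*/logs/slow.log; do
        [ -f "$log" ] || continue      # unmatched glob or missing file
        user=${log#"$root"/}           # drop the ROOT/ prefix
        user=${user%%/*}               # first remaining component = account
        # PHP-FPM writes one "script_filename = PATH" line per slow request.
        awk -v u="$user" '
            /^script_filename = / {
                sub(/^script_filename = /, "")
                hits[$0]++
            }
            END { for (s in hits) printf "%d %s %s\n", hits[s], u, s }
        ' "$log"
    done | sort -k1,1nr -k2,2 -k3,3
}

# make_sample_slow_logs DIR -> writes constructed slow logs for two accounts.
make_sample_slow_logs() {
    mkdir -p "$1/alice/logs" "$1/bob/logs"
    cat > "$1/alice/logs/slow.log" <<'EOF'

[12-Jan-2016 10:02:11]  [pool alice] pid 4101
script_filename = /constructed/webmail/index.php
[0x00007f3a1c0e1d20] mysqli_query() /constructed/webmail/lib/db.php:88

[12-Jan-2016 10:05:40]  [pool alice] pid 4107
script_filename = /constructed/webmail/index.php
[0x00007f3a1c0e2a10] sleep() /constructed/webmail/index.php:12

[12-Jan-2016 11:17:03]  [pool alice] pid 4120
script_filename = /constructed/dbadmin/export.php
[0x00007f3a1c0e3b48] fwrite() /constructed/dbadmin/export.php:230
EOF
    cat > "$1/bob/logs/slow.log" <<'EOF'

[12-Jan-2016 09:41:27]  [pool bob] pid 3990
script_filename = /constructed/dbadmin/export.php
[0x00007f3a1c0e4c70] fwrite() /constructed/dbadmin/export.php:230
EOF
}

# Demo on the constructed logs; call slow_report with no argument on a server.
tmp=$(mktemp -d)
make_sample_slow_logs "$tmp"
slow_report "$tmp"
rm -rf "$tmp"
```

An account or script that dominates this report is a good starting point when you review the matching per-user error.log.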

To manage the service and monitoring of the service, use the FPM Service for cPanel Daemons settings in WHM's Service Manager interface (Home >> Service Configuration >> Service Manager).

Note:

This service will accelerate a maximum of 10 concurrent processes per user.

Suspend and unsuspend email accounts

In cPanel & WHM version 54, cPanel account owners and WHM users can suspend and unsuspend email accounts. Suspension prevents logins and access to a mail account, and it rejects any incoming mail to the account. Before, if a user was compromised or sent spam, a system administrator or reseller could only suspend an entire cPanel account.

When you suspend an email account, the system also suspends any aliases or forwarders that redirect email to the account.

If you suspend an email account for outbound spam, we strongly recommend that you check the mail queue with WHM's Mail Queue Manager interface (Home >> Email >> Mail Queue Manager) to confirm there is no additional outbound traffic from that account.

Remote package account for transfers

WHM's Transfer Tool interface (Home >> Transfers >> Transfer Tool) uses this function to remotely back up the accounts on the source server that you wish to transfer to the target server.

After the target server calls the function and triggers the backup process, it calls the /usr/local/cpanel/whostmgr/docroot/cgi/live_tail_log.cgi script on the source server in order to stream results to the target server's transfer log.

Previously, the target server would initiate an SSH session and run the pkgacct script on the remote server through that session. The target server monitored the progress of the backup processes through the SSH session. If the session encountered an error or failed, the pkgacct script would fail.

Notes:

Both the source and target servers must run cPanel & WHM version 54 or later in order for this function to run. Otherwise, the target server uses the legacy SSH session behavior.

If the target server fails to stream the log data for the remote package account five times concurrently or 50 times total from the source server, the target server will revert to the legacy SSH session connection behavior.

We strongly recommend that you review your Contact Manager settings to ensure that you will receive important server notices.

Error IDs

In cPanel & WHM version 54, we added error IDs to most error messages that users encounter. All error IDs begin with the string XID and a space character.

When a user reports an error ID to their system administrator or cPanel Technical Support, the troubleshooter can filter the server's log files with it and diagnose the issue more quickly.
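One way to do that filtering from the shell, as an added example that is not cPanel's own tooling: the script pulls the error ID out of whatever text the user pasted and searches the given log files for it as a literal string. The form of the token after "XID " (letters and digits), the sample log format, and the file names are assumptions.

```shell
#!/bin/sh
# Added example (not cPanel code): find log lines for a user-reported error ID.
# Assumption: the token after "XID " is letters/digits; the release notes only
# say that every ID begins with "XID" and a space.

# extract_xid TEXT -> prints the first "XID <token>" in TEXT; fails if none.
extract_xid() {
    printf '%s\n' "$1" | grep -oE 'XID [A-Za-z0-9]+' | head -n 1 | grep .
}

# xid_search TEXT FILE... -> prints "file:line:text" for each matching log line.
xid_search() {
    report=$1
    shift
    xid=$(extract_xid "$report") || {
        echo "no error ID found in report" >&2
        return 2
    }
    # -F: the ID is matched as a literal string, never as a pattern taken from
    #     user-supplied text.
    # -w: "XID k3v9pq" must not match the longer ID "XID k3v9pq7a".
    grep -FwnH -- "$xid" "$@"
}

# make_sample_logs DIR -> writes two constructed log files (format is invented).
make_sample_logs() {
    cat > "$1/error.log" <<'EOF'
[2016-01-12 10:02:11] warn: could not read the file (XID k3v9pq)
[2016-01-12 10:02:15] info: session started
[2016-01-12 10:03:40] warn: request failed (XID k3v9pq7a)
EOF
    cat > "$1/access.log" <<'EOF'
[2016-01-12 10:02:11] 203.0.113.7 GET /frontend/ 500 "XID k3v9pq"
EOF
}

# Demo on the constructed logs.
tmp=$(mktemp -d)
make_sample_logs "$tmp"
xid_search 'The page said: "Something went wrong. XID k3v9pq"' "$tmp"/*.log
rm -rf "$tmp"
```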

FastUpdate touch file

To disable FastUpdate on your server, log in to your server via SSH and run the following command as the root user:

touch /var/cpanel/never_ever_use_fast_update_not_even_a_check

To reenable FastUpdate on your server, run the following command as the root user:

rm /var/cpanel/never_ever_use_fast_update_not_even_a_check

MySQL temporary user issue

In earlier versions of cPanel & WHM, the system created temporary MySQL®/MariaDB users whenever a user logged in to cPanel via external session creation instead of password authentication. This caused high load and performance issues on systems with frequent logins.

As of cPanel & WHM version 54, we no longer create temporary users for external session logins until a script or user accesses the phpMyAdmin feature or the backup functionality.

Third-party plugins that require access to temporary MySQL users (found in $ENV{'REMOTE_DBOWNER'}) will now need to call the Session::create_temp_user function in order to create the temporary users before they are available. This function is available in cPanel & WHM version 54.0.16 and later.

Team: Honey Badgers

TLS 1.2 support

cPanel & WHM now supports TLS 1.2, as well as the encryption protocols contained within it. CentOS 6.0 through 6.4 systems cannot upgrade to version 54 until they update to a version of OpenSSL that supports TLS 1.2 or higher. If a CentOS system does not meet this requirement, cPanel & WHM blocks the upgrade.

General EasyApache 4 improvements

We added the Testing and Unsupported repositories to the httpupdate mirrors.

Team: Loose Cannon

User Manager

In cPanel & WHM version 54, we added the User Manager interface (Home >> User Preferences >> User Manager). cPanel account users can use this interface to add, manage, and delete subaccounts. cPanel account users can also merge their current email, FTP, and Web Disk accounts into a subaccount. The User Manager interface allows you to create a subaccount with email, FTP, and Web Disk access on a single page. This interface includes the option to add the subaccount user's name and an alternate email address. It also allows cPanel users to edit a subaccount user's FTP and Web Disk home directory. The User Manager interface contains advanced filtering options that allow a cPanel account user to search for subaccounts by services and issues, and its search box uses incremental search.

Subaccounts

In cPanel & WHM version 54, we have introduced subaccounts. cPanel account users can create subaccounts that use the same login and password information for email, FTP, and Web Disk services. The system maintains password synchronization between each of the subaccount user's allowed services. cPanel account users can add and remove a subaccount's email, FTP, and Web Disk services without updating the subaccount's password.

Team: Phoenix

Accounts automatically update to Paper Lantern theme

As of cPanel & WHM version 54, when you upgrade your system, cPanel accounts on the x3 and x3mail themes will automatically update to the Paper Lantern theme with the Retro style. For more information, read our x3 deprecation schedule.

New interfaces for the Paper Lantern theme

As of cPanel & WHM version 54, the Paper Lantern theme is reconfigured with a sidebar, the Dashboard interface, the Statistics interface, and the Notifications interface. For more information, read our cPanel Interface documentation.

jQuery requirements for custom interfaces

In cPanel & WHM version 54, we reduced the cPanel interface's jQuery needs to use only one version of jQuery, and modified the way in which the cPanel interface loads jQuery. Due to these changes, third-party developers must update their custom interface code to handle jQuery properly. For more information, read our Guide to cPanel Interface Customization - jQuery documentation.

Team: Spider Pig

Two-Factor Authentication

This function allows you to configure two-factor authentication (2FA), an improved security measure for the login interface of cPanel & WHM. Two-factor authentication requires two forms of identification: your password and a generated security code. With 2FA enabled, an application on your smartphone uses a Time-based One-time Password (TOTP) algorithm to supply a code that you must enter with your password to log in. Without the security code, you cannot log in.

To enable the Two Factor Authentication UI on your system, enter the following command:

**This may cause some third-party applications to break significantly and cause applications to improperly store data**

API Access

If two-factor authentication is enabled, some API calls will be blocked. The system does not allow basic HTTP auth API calls when authenticated as a user with 2FA configured. You must establish a session and include the session's security token when making the API calls. For more information, read our Guide to API Authentication documentation.

This feature is one of the most highly requested features on features.cpanel.net. We at cPanel worked hard to bring this in cPanel & WHM version 54. When the new feature hit the EDGE release tier, some of our third-party integrators grew concerned about the changes made to the API system.

Updated features

Team: Code Monkeys

Improved IPv6 support

Shared IPv6 address support

cPanel & WHM now includes a setting that specifies the server's shared IPv6 address. You can configure this setting through the following methods:

Modify the ADDR6 value in the /etc/wwwacct.conf file before you install cPanel & WHM.

New Prefer IPv4 over IPv6 for outgoing mail setting

We have temporarily removed this functionality from cPanel & WHM version 54. Features may continue to display in the cPanel & WHM interface, but do not currently function.

We added the Prefer IPv4 over IPv6 for outgoing mail setting to the Domains and IPs section of the Basic Editor tab in WHM's Exim Configuration Manager interface (Home >> Service Configuration >> Exim Configuration Manager).

If you enable this setting, cPanel & WHM applies a patch to modify Exim's behavior to prefer IPv4 addresses over IPv6 addresses when it sends mail.

If you disable this setting, the system uses Exim's default behavior for the order in which it attempts to send mail on IPv4 and IPv6 addresses.

In previous versions of cPanel & WHM, we applied this patch without an option to remove it. For this reason, this setting defaults to On to maintain cPanel & WHM's current behavior. However, as cPanel & WHM moves toward full IPv6 support, we strongly recommend that you disable this setting and allow Exim to use its default behavior.

Team: Cobra

Change Password interface changed to Password & Security

In cPanel & WHM version 54, we renamed cPanel's Change Password interface to the Password & Security interface (Home >> Preferences >> Password & Security). Because the interface now manages the account's password and its External Authentication linkages, we felt that the interface name should reflect this.

MariaDB 10.1

In cPanel & WHM version 54, we upgraded MariaDB to version 10.1.

Warning:

MariaDB's sql_mode variable now defaults to include the NO_ENGINE_SUBSTITUTION and NO_AUTO_CREATE_USER modes.

If you have not set a custom sql_mode variable and your application requires that these modes be off, we strongly recommend that you update your application to either turn these modes off or not to depend on an off state.

If you have set a custom sql_mode variable, your system will retain your custom sql_mode modes after the upgrade.

Arguments added to pkgacct script

In cPanel & WHM version 54, we added a large number of arguments to the /scripts/pkgacct command-line script.

Also, we now allow you to separate arguments and values with either a space or an equals sign (=).

Reseller Center improvements

In cPanel & WHM version 54, we added the option for the root user to log in to cPanel or WHM as a specified reseller to WHM's Reseller Center interface (Home >> Resellers >> Reseller). This is similar to the function in WHM's List Accounts interface (Home >> Account Functions >> List Accounts) that allows the root user to log in to a cPanel account.

Dormant services changes

The Dormant services option in Tweak Settings now unloads idle services from memory after two minutes of activity. Previously, the setting unloaded services from memory after five minutes of inactivity.

Database name changes

In cPanel & WHM version 54, we expanded the scope of characters that you may use for database names.

Database names may now use any printable ASCII character, including spaces, except the following characters:

Legacy versions of MySQL do not allow periods (.) in database names. We strongly urge all customers to convert to MariaDB or to upgrade to MySQL 5.6.

You cannot use multi-byte UTF-8 characters in MySQL or PostgreSQL database names.

RecentAuthedMailIpTracker now excludes all local IP addresses

The RecentAuthedMailIpTracker driver tracks the IP addresses for recently-authenticated IMAP and POP3 sessions. In cPanel & WHM version 54, this driver now excludes all of the server's local IP addresses and the loopback address in order to prevent abuse of POP before SMTP authentication. Previously, the driver only excluded the loopback address.

To enable or disable the RecentAuthedMailIpTracker driver, use WHM's Service Manager interface (Home >> Service Configuration >> Service Manager).

Note:

We strongly recommend that you use SMTP authentication instead of POP before SMTP.

Standardized Hooks - Debug Mode moved

System administrators can now control debug mode for Standardized Hooks with the Standardized Hooks - Debug Mode option in the Development section of WHM's Tweak Settings interface (Home >> Server Configuration >> Tweak Settings). In previous versions, debug mode was available through direct modification of the /var/cpanel/cpanel.config file.

Team: Honey Badgers

Add 'yum update' user interface to WHM

We updated the System Update interface (Home >> Software >> System Update) in WHM to use the yum interfaces created in EasyApache 4.

EasyApache 4 migration improvements

The new EasyApache 4 inspects the options you select in EasyApache 3, and then installs the appropriate RPM via yum in EasyApache 4. cPanel & WHM also improved the user experience in the EasyApache 4 migration script, which increases the success rate of migration. To accomplish this, the EasyApache 4 migration installs all default packages from EasyApache 3.

EasyApache 4 user interface improvements

We localized the EasyApache 4 profile descriptions into multiple languages and improved the display of error messages within the EasyApache 4 provision stage. This allows for users to select their Apache modules, Apache MPM, PHP version, and PHP extension preferences via the EasyApache 4 user interface. However, this feature is in technical preview. We set a warning to alert users that the EasyApache 4 user interface recommends that the user use yum for the most stable user experience. The system also highlights the user's active profile for the EasyApache 4 user interface as the first "Current Profile" when it displays the list of available profiles.

Team: Loose Cannon

FTP accounts

In cPanel & WHM version 54, we added support to create FTP accounts for any domain that the cPanel account owns.

Team: Release Team

Changes to the Cpanel::PublicAPI module

In cPanel & WHM version 54, we no longer ship the Cpanel::PublicAPI module. Instead, we now ship an RPM of the cPanel::PublicAPI CPAN module.

Note:

The Cpanel::Accounting module is a wrapper for this module.

We also added the ssl_verify_mode parameter to the module. This boolean parameter controls whether the module verifies SSL certificates.

This parameter defaults to 1, which causes the module to verify SSL certificates.

We strongly recommend that you do not set this value to 0 unless you must use self-signed certificates.

Previously, the Cpanel::PublicAPI module did not verify SSL certificates.

Team: Spider Pig

Additional cPHulk options

The Configuration Settings section of WHM's cPHulk Brute Force Protection interface (Home >> Security Center >> cPHulk Brute Force Protection) now includes the option to apply username-based protection to local addresses only. This ensures that a user cannot brute force other accounts on the same server. This option appears in the Username-based Protection section of the Configuration Settings.

The default setting for the Username-based Protection settings is now On.

The default setting applies username-based protection to local addresses only.

Updated the /bin/rebuild_phpconf script

We greatly improved this script to allow you to better view and manage your system's default PHP version and PHP handlers in EasyApache 4.

Note:

These script changes only apply to systems that run EasyApache 4.

Deprecated and removed items

Team: Loose Cannon

ProFTPD login without domain

We removed the ability to use the username without a domain for ProFTPD. cPanel did not officially support the ability to log in to ProFTPD without the domain. You must use the full username to log in to FTP services.

Team: Phoenix

Deprecated CGI features

The new default cPanel theme (Paper Lantern) does not include an equivalent to the deprecated x3 theme's CGI Center interface (Home >> Software and Services >> CGI Center). We do not plan to add one in future versions of cPanel & WHM.

Existing CGI scripts will continue to function, regardless of the cPanel theme.

Prelinking support removed

Prelinking is now disabled by default. cPanel does not officially support prelinking. For more information about how to disable prelinking, read our Disable Prelinking documentation.

Team: Spider Pig

Courier removed

We removed Courier from cPanel & WHM. During installation, a server administrator who still uses Courier has 29 days to take action: either convert to Dovecot or pin the version to 11.52 LTS without an upgrade. If they take no action after 29 days, we automatically convert the mail servers to Dovecot.

Note:

When the system switches the mailserver from Courier to Dovecot, the SSL certificate used by the POP3 service might change. This is because Courier uses two SSL certificates (IMAP and POP3) and Dovecot only uses one. Dovecot will reuse the existing IMAP SSL certificate.

Appendix A: Provided third-party applications

cPanel-provided

cPanel & WHM version 54 includes the following third-party applications:

OS-provided

We use CentOS servers to generate these lists. The specific version numbers and packages may vary slightly on CloudLinux™ and Red Hat® Enterprise Linux servers.

CentOS, CloudLinux™, or RHEL® 5, 32-bit architecture...

Note:

We last updated this list for cPanel & WHM version 11.52. Because we no longer support CentOS, CloudLinux, or RHEL 5 for new installations, we will not update this list for future versions of cPanel & WHM.

| Third-party application | Version | Source |
| --- | --- | --- |
| aspell | 0.60.3-13 | RPM |
| aspell-en | 6.0-3 | RPM |
| at | 3.1.8-84.el5_11.1 | RPM |
| autoconf | 2.59-12 | RPM |
| automake | 1.9.6-3.el5 | RPM |
| bind | 9.3.6-25.P1.el5_11.2 | RPM |
| bind-devel | 9.3.6-25.P1.el5_11.2 | RPM |
| bind-libs | 9.3.6-25.P1.el5_11.2 | RPM |
| bind-utils | 9.3.6-25.P1.el5_11.2 | RPM |
| binutils | 2.17.50.0.6-26.el5 | RPM |
| bison | 2.3-2.1 | RPM |
| bzip2 | 1.0.3-6.el5_5 | RPM |
| caching-nameserver | 9.3.6-25.P1.el5_11.2 | RPM |
| cairo | 1.2.4-5.el5 | RPM |
| compat-db | 4.2.52-5.1 | RPM |
| coreutils | 5.97-34.el5_8.1 | RPM |
| cpio | 2.6-26.el5 | RPM |
| cpp | 4.1.2-55.el5 | RPM |
| crontabs | 1.10-11.el5 | RPM |
| curl | 7.15.5-17.el5_9 | RPM |
| curl-devel | 7.15.5-17.el5_9 | RPM |
| db4 | 4.3.29-10.el5_5.2 | RPM |
| db4-devel | 4.3.29-10.el5_5.2 | RPM |
| e2fsprogs | 1.39-37.el5 | RPM |
| e2fsprogs-devel | 1.39-37.el5 | RPM |
| expat | 1.95.8-11.el5_8 | RPM |
| expat-devel | 1.95.8-11.el5_8 | RPM |
| expect | 5.43.0-8.el5 | RPM |
| file | 4.17-28 | RPM |
| flex | 2.5.4a-41.fc6 | RPM |
| fontconfig | 2.4.1-7.el5 | RPM |
| freetype | 2.2.1-32.el5_9.1 | RPM |
| ftp | 0.17-38.el5 | RPM |
| gamin | 0.1.7-10.el5 | RPM |
| gamin-devel | 0.1.7-10.el5 | RPM |
| gcc | 4.1.2-55.el5 | RPM |
| gcc-c++ | 4.1.2-55.el5 | RPM |
| gd | 2.0.33-9.4.el5_4.2 | RPM |
| gd-devel | 2.0.33-9.4.el5_4.2 | RPM |
| gd-progs | 2.0.33-9.4.el5_4.2 | RPM |
| gdbm | 1.8.0-28.el5 | RPM |
| gdbm-devel | 1.8.0-28.el5 | RPM |
| gettext | 0.17-1.el5 | RPM |
| gettext-devel | 0.17-1.el5 | RPM |
| ghostscript | 8.70-15.el5_9.3 | RPM |
| giflib | 4.1.3-7.3.3.el5 | RPM |
| glib | 1.2.10-20.el5 | RPM |
| glibc-devel | 2.5-123.el5_11.1 | RPM |
| gmp | 4.1.4-10.el5 | RPM |
| gnupg | 1.4.5-18.el5_10.1 | RPM |
| gzip | 1.3.5-13.el5.centos | RPM |
| initscripts | 8.45.45-1.el5.centos | RPM |
| iptables | 1.3.5-9.2.el5_8 | RPM |
| kernel-headers | 2.6.18-404.el5 | RPM |
| krb5-devel | 1.6.1-80.el5_11 | RPM |
| lcms | 1.18-0.1.beta1.el5_3.2 | RPM |
| less | 436-9.el5 | RPM |
| libaio | 0.3.106-5 | RPM |
| libaio-devel | 0.3.106-5 | RPM |
| libgcc | 4.1.2-55.el5 | RPM |
| libgomp | 4.4.7-1.el5 | RPM |
| libidn | 0.6.5-1.1 | RPM |
| libidn-devel | 0.6.5-1.1 | RPM |
| libjpeg | 6b-38 | RPM |
| libjpeg-devel | 6b-38 | RPM |
| libpcap | 0.9.4-15.el5 | RPM |
| libpng | 1.2.10-17.el5_8 | RPM |
| libpng-devel | 1.2.10-17.el5_8 | RPM |
| libstdc++ | 4.1.2-55.el5 | RPM |
| libstdc++-devel | 4.1.2-55.el5 | RPM |
| libtiff | 3.8.2-19.el5_10 | RPM |
| libtiff-devel | 3.8.2-19.el5_10 | RPM |
| libtool | 1.5.22-7.el5_4 | RPM |
| libtool-ltdl | 1.5.22-7.el5_4 | RPM |
| libtool-ltdl-devel | 1.5.22-7.el5_4 | RPM |
| libwmf | 0.2.8.4-10.2 | RPM |
| libX11-devel | 1.0.3-11.el5_7.1 | RPM |
| libxml2 | 2.6.26-2.1.25.el5_11 | RPM |
| libxml2-devel | 2.6.26-2.1.25.el5_11 | RPM |
| libXpm | 3.5.5-3 | RPM |
| libXpm-devel | 3.5.5-3 | RPM |
| libxslt | 1.1.17-4.el5_8.3 | RPM |
| libxslt-devel | 1.1.17-4.el5_8.3 | RPM |
| lsof | 4.78-6 | RPM |
| lynx | 2.8.5-28.1.el5_2.1 | RPM |
| make | 3.81-3.el5 | RPM |
| nano | 1.3.12-1.1 | RPM |
| ncurses | 5.5-24.20060715 | RPM |
| ncurses-devel | 5.5-24.20060715 | RPM |
| openssh | 4.3p2-82.el5 | RPM |
| openssh-clients | 4.3p2-82.el5 | RPM |
| openssh-server | 4.3p2-82.el5 | RPM |
| openssl | 0.9.8e-33.el5_11 | RPM |
| openssl-devel | 0.9.8e-33.el5_11 | RPM |
| pam | 0.99.6.2-12.el5 | RPM |
| pam-devel | 0.99.6.2-12.el5 | RPM |
| pango | 1.14.9-8.el5.centos.3 | RPM |
| passwd | 0.73-2 | RPM |
| patch | 2.5.4-31.el5 | RPM |
| pcre | 6.6-9.el5 | RPM |
| pixman | 0.22.0-2.2.el5_10 | RPM |
| popt | 1.10.2.3-36.el5_11 | RPM |
| python | 2.4.3-56.el5 | RPM |
| python-devel | 2.4.3-56.el5 | RPM |
| python-docs | 2.4.3-1.1 | RPM |
| python-simplejson | 2.0.9-8.el5 | RPM |
| python-tools | 2.4.3-56.el5 | RPM |
| quota | 3.13-8.el5 | RPM |
| rcs | 5.7-30.1 | RPM |
| rdate | 1.4-8.el5 | RPM |
| rsync | 3.0.6-6.el5_11 | RPM |
| screen | 4.0.3-4.el5 | RPM |
| sed | 4.1.5-8.el5 | RPM |
| shadow-utils | 4.0.17-23.el5 | RPM |
| sharutils | 4.6.1-2 | RPM |
| Smartmontools | 5.42-2.el5 | RPM |
| strace | 4.5.18-18.el5 | RPM |
| stunnel | 4.15-2.el5.2 | RPM |
| sysklogd | 1.4.1-46.el5 | RPM |
| sysstat | 7.0.2-13.el5 | RPM |
| tar | 1.15.1-32.el5_8 | RPM |
| tcl | 8.4.13-6.el5 | RPM |
| tclx | 8.4.0-5.fc6 | RPM |
| tix | 8.4.0-11.fc6 | RPM |
| tk | 8.4.13-5.el5_1.1 | RPM |
| tkinter | 2.4.3-56.el5 | RPM |
| traceroute | 2.0.1-6.el5 | RPM |
| unzip | 5.52-3.el5 | RPM |
| urw-fonts | 2.3-6.1.1 | RPM |
| util-linux | 2.13-0.59.el5_8 | RPM |
| vixie-cron | 4.1-81.el5 | RPM |
| wget | 1.11.4-3.el5_8.2 | RPM |
| which | 2.16-7 | RPM |
| zip | 2.31-2.el5 | RPM |
| zlib | 1.2.3-7.el5 | RPM |
| zlib-devel | 1.2.3-7.el5 | RPM |
| zsh | 4.2.6-9.el5 | RPM |

CentOS, CloudLinux™, or RHEL® 5, 64-bit architecture...

Note:

We last updated this list for cPanel & WHM version 11.52. Because we no longer support CentOS, CloudLinux, or RHEL 5 for new installations, we will not update this list for future versions of cPanel & WHM.

cPanel, WebHost Manager, and WHM are registered trademarks of cPanel, Inc. for providing its computer software that facilitates the management and configuration of Internet web servers. ®2018 All rights reserved.